Breaches cost billions, but few take right steps to stop them


Unmatched coverage

The Springfield News-Sun digs into issues that affect consumers and local business in Clark County, including online security and protecting consumer information.

By the numbers

$20 billion to $140 billion — Potential annual cost to U.S. from cybercrime

$188 — Estimated cost per data breach in the U.S.

508,000 — Potential jobs lost in the U.S. due to cyber crime

Sources: Center for Strategic and International Studies, Ponemon Institute.

Cybercrime could cost U.S. businesses as much as $140 billion annually, but a professional hacker told a group of Springfield area employers Tuesday that few companies are taking the right steps to protect themselves from data breaches.

The Advanced Technical Intelligence Center and Avetec hosted a conference n Springfield, focusing on the variety of ways hackers can breach a security system, what they are looking for and why they might be motivated to do so.

The costs to businesses and individuals can be significant, as a recent massive data breach at Target has shown. A 2013 report from the Center for Strategic and International Studies showed the cost of cyber crime in the U.S. annually could range from about $20 billion to $140 billion.

Those crimes can also damage a company’s reputation, lead to a loss of jobs and make nations less secure through theft of military technology.

Often, companies and individuals have a false impression of what a hacker is, and don’t understand the risks associated with new technologies, said Dave Chronister, managing partner at Parameter Security. The St. Louis-based company is an ethical hacking firm that works with companies to test its security and provide training.

The idea that hackers are typically organized groups operating in secret is a myth, Chronister said. In reality, many hackers openly share information with each other, and can range from bored teenagers to government agencies.

“This is not a small group of people and they do not operate in the dark,” he said.

A hacker’s motivation might range from idealism to theft to revenge, but the end result is a loss of privacy and information, Chronister said.

Too often, companies spend money to make sure they are compliant with established practices, Chronister said, and believe firewalls and other security systems will protect their servers. But in many cases, hackers are instead looking for data available on an employee’s computer because it is easier and less risk is involved.

Companies also often have a false sense of security that hackers are looking at their information in the same way the company sees it. Instead, hackers often are just seeing what data is available and how it can be used.

“We expect them to go after the most valuable target,” Chronister said. “This is ridiculous.”

One of the goals of the event is to make businesses think more closely about how they protect their information, said Tim Shaw, a retired FBI agent and director of education for the Advanced Technical Intelligence Center in Beavercreek.

It’s also important to increase trust between businesses and law enforcement officials, Shaw said. Some companies are reluctant to admit that their data has been breached because it might reflect negatively on them. But Shaw said there’s a better chance to minimize damage by working closely with law enforcement.

A shortfall in workers trained to look for suspicious activity online is projected in the coming years, Shaw said. So ATIC will begin offering a 10-week training program beginning in May.

The event was co-sponsored by the Greater Springfield Chamber of Commerce. Security is a critical issue for area businesses, said Horton Hobbs, vice president of economic development at the chamber. He said the chamber also wants to support activities at the NextEdge Applied Research and Technology Park in Springfield, where Avetec is located.

Chronister argued the severity of hacking is not necessarily increasing, but businesses are becoming more aware of it. However, until companies start to focus more on preventing attacks and minimizing risk, hackers will continue to have an edge.

“It’s like the New York Mets against a T-ball team and they’re winning,” he said.

About the Author